Skip to content

executes heartbleed attack on vulnerable SSL 1.0.1 version

Notifications You must be signed in to change notification settings

roflcer/heartbleed-vuln

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 

Repository files navigation

heartbleed-vuln

The Heartbleed bug (CVE-2014-0160) is a severe implementation flaw in the OpenSSL library, which enables attackers to steal data from the memory of the victim server. The contents of the stolen data depend on what is there in the memory of the server. It could potentially contain private keys, TLS session keys, user names, passwords, credit cards, etc. The vulnerability is in the implementation of the Heartbeat protocol, which is used by SSL/TLS to keep the connection alive.

The objective of this lab is for students to understand how serious this vulnerability is, how the attack works, and how to fix the problem. The affected OpenSSL version range is from 1.0.1 to 1.0.1f. The version in our Ubuntu VM is 1.0.1.

About

executes heartbleed attack on vulnerable SSL 1.0.1 version

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published